CVE-2011-4126
Publication date 27 October 2021
Last updated 24 July 2024
Ubuntu priority
Cvss 3 Severity Score
Race condition issues were found in Calibre at devices/linux_mount_helper.c allowing unprivileged users the ability to mount any device to anywhere.
Notes
sbeattie
Ubuntu, from 10.10 (maverick) and after, uses the udisk-based shell script that Martin Pitt wrote instead of the upstream calibre setuid helper. In Ubuntu 10.04 LTS (lucid), the calibre package does not include the setuid helper at all.
Severity score breakdown
Parameter | Value |
---|---|
Base score | 8.1 · High |
Attack vector | Network |
Attack complexity | High |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |